From: Peter Boosten
Date: Fri, 17 Oct 2008 05:00:08 +0200
CC: freebsd-questions@freebsd.org
Subject: Re: Radius Authentication
Message-ID: <48F7FFB8.20209@boosten.org>
In-Reply-To: <20013780.post@talk.nabble.com>

MattAD wrote:
> I would just like to know if anyone on earth has been able to get the
> pam_radius module working on FreeBSD, using a Windows domain username
> through ssh... ??? This has become a mystery to me. My /etc/pam.d/sshd
> config looks like so:

I don't have a direct answer to your question, but we use tac_plus with
the RADIUS extension to authenticate from our IPS environment to a
Windows 2003 domain, and there are two things I vaguely remember from
that setup (maybe they apply to your setup as well):

- when authenticating we have to use the complete login name, including
  domain info: username@domain.tlc
- we had to switch 'Store passwords in reversible form' (or something
  like that - in Windows, that is) to be able to authenticate. The first
  password is stored that way after a password change.
- we discovered that some passwords do not work: passwords with a "+"
  sign in them, but I don't know if that is due to TACACS or RADIUS.

Hope it helps.

Peter
-- 
http://www.boosten.org